Clear failed image loads when an <img> is adopted into a different document
author adamk@chromium.org <adamk@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Jan 2013 19:52:26 +0000 (19:52 +0000)
committer adamk@chromium.org <adamk@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Jan 2013 19:52:26 +0000 (19:52 +0000)
https://bugs.webkit.org/show_bug.cgi?id=104409

Reviewed by Nate Chapin.

Source/WebCore:

This avoids an assertion failure in setImageWithoutConsideringPendingLoadEvent().

Test: loader/image-loader-adoptNode-assert.html

* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement): Use new helper.
(WebCore::ImageLoader::updateFromElementIgnoringPreviousError): ditto
(WebCore::ImageLoader::elementDidMoveToNewDocument): ditto
(WebCore::ImageLoader::clearFailedLoadURL): Added a helper method to self-document the code.
(WebCore):
* loader/ImageLoader.h:
(ImageLoader):

LayoutTests:

* loader/image-loader-adoptNode-assert-expected.txt: Added.
* loader/image-loader-adoptNode-assert.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@138724 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/loader/image-loader-adoptNode-assert-expected.txt [new file with mode: 0644]
LayoutTests/loader/image-loader-adoptNode-assert.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/ImageLoader.cpp
Source/WebCore/loader/ImageLoader.h

index e0affee..5ce3f18 100644 (file)
@@ -1,3 +1,13 @@
+2013-01-03  Adam Klein  <adamk@chromium.org>
+
+        Clear failed image loads when an <img> is adopted into a different document
+        https://bugs.webkit.org/show_bug.cgi?id=104409
+
+        Reviewed by Nate Chapin.
+
+        * loader/image-loader-adoptNode-assert-expected.txt: Added.
+        * loader/image-loader-adoptNode-assert.html: Added.
+
 2013-01-03  Vincent Scheib  <scheib@chromium.org>
 
         Sandbox-blocked pointer lock should log to the console.
diff --git a/LayoutTests/loader/image-loader-adoptNode-assert-expected.txt b/LayoutTests/loader/image-loader-adoptNode-assert-expected.txt
new file mode 100644 (file)
index 0000000..15dbd3a
--- /dev/null
@@ -0,0 +1,2 @@
+Blocked access to external URL http://foo.com/blarg.jpg
+Test passes if it does not ASSERT
diff --git a/LayoutTests/loader/image-loader-adoptNode-assert.html b/LayoutTests/loader/image-loader-adoptNode-assert.html
new file mode 100644 (file)
index 0000000..57088b3
--- /dev/null
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<script>
+if (window.testRunner) testRunner.dumpAsText();
+var doc = document.implementation.createHTMLDocument('');
+var img = document.createElement('img');
+img.onerror = function() { doc.adoptNode(img); };
+img.src = 'http://foo.com/blarg.jpg';
+</script>
+<div>Test passes if it does not ASSERT</div>
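Review bot: The test never calls testRunner.waitUntilDone() / testRunner.notifyDone(), so whether the onerror handler (and with it doc.adoptNode(img), the only call that exercises the fix) runs before the text dump depends on event timing. Consider calling waitUntilDone() next to dumpAsText() and notifyDone() at the end of the onerror handler, so a run that never reaches adoptNode cannot pass silently. The expected output also pins the "Blocked access to external URL" line, so the test is tied to the runner blocking http://foo.com/blarg.jpg; a short comment saying the load is meant to fail would help the next reader.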
index ede6199..8f66296 100644 (file)
@@ -1,3 +1,23 @@
+2013-01-03  Adam Klein  <adamk@chromium.org>
+
+        Clear failed image loads when an <img> is adopted into a different document
+        https://bugs.webkit.org/show_bug.cgi?id=104409
+
+        Reviewed by Nate Chapin.
+
+        This avoids an assertion failure setImageWithoutConsideringPendingLoadEvent().
+
+        Test: loader/image-loader-adoptNode-assert.html
+
+        * loader/ImageLoader.cpp:
+        (WebCore::ImageLoader::updateFromElement): Use new helper.
+        (WebCore::ImageLoader::updateFromElementIgnoringPreviousError): ditto
+        (WebCore::ImageLoader::elementDidMoveToNewDocument): ditto
+        (WebCore::ImageLoader::clearFailedLoadURL): Added a helper method to self-document the code.
+        (WebCore):
+        * loader/ImageLoader.h:
+        (ImageLoader):
+
 2013-01-03  Vincent Scheib  <scheib@chromium.org>
 
         Sandbox-blocked pointer lock should log to the console.
index d02b790..413de59 100644 (file)
@@ -214,7 +214,7 @@ void ImageLoader::updateFromElement()
             m_hasPendingErrorEvent = true;
             errorEventSender().dispatchEventSoon(this);
         } else
-            m_failedLoadURL = AtomicString();
+            clearFailedLoadURL();
     } else if (!attr.isNull()) {
         // Fire an error event if the url is empty.
         // FIXME: Should we fire this event asynchronoulsy via errorEventSender()?
@@ -263,8 +263,7 @@ void ImageLoader::updateFromElement()
 
 void ImageLoader::updateFromElementIgnoringPreviousError()
 {
-    // Clear previous error.
-    m_failedLoadURL = AtomicString();
+    clearFailedLoadURL();
     updateFromElement();
 }
 
@@ -452,7 +451,13 @@ void ImageLoader::dispatchPendingErrorEvents()
 
 void ImageLoader::elementDidMoveToNewDocument()
 {
+    clearFailedLoadURL();
     setImage(0);
 }
 
+inline void ImageLoader::clearFailedLoadURL()
+{
+    m_failedLoadURL = AtomicString();
+}
+
 }
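Review bot: In elementDidMoveToNewDocument() the new clearFailedLoadURL() call sits directly before setImage(0) with no comment explaining why the order matters; the commit message ties it to an assertion in setImageWithoutConsideringPendingLoadEvent(), and a one-line comment at the call site naming that assertion would keep a later cleanup from reordering or dropping it. Separately, the first hunk shows updateFromElement() setting m_hasPendingErrorEvent on the error path, and this change resets only m_failedLoadURL. The new test adopts the node from inside onerror, that is, after the error event has been dispatched, so it is worth confirming (or adding a test) that adopting an element while the error event is still pending is also safe.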
index bc85915..4cf3521 100644 (file)
@@ -92,6 +92,7 @@ private:
     void updateRenderer();
 
     void setImageWithoutConsideringPendingLoadEvent(CachedImage*);
+    void clearFailedLoadURL();
 
     ImageLoaderClient* m_client;
     CachedResourceHandle<CachedImage> m_image;
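Review bot: clearFailedLoadURL() is declared here without inline, while ImageLoader.cpp defines it as "inline void ImageLoader::clearFailedLoadURL()" at the bottom of the file, after its callers in updateFromElement() and updateFromElementIgnoringPreviousError(). For a one-line private helper it would be more conventional to either define it in the class body here, or drop the inline keyword from the .cpp definition and let the compiler decide.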